Subj : BBBS/2 Crashes
To   : Janis Kracht
From : mark lewis
Date : Mon Oct 03 2016 08:40:54

* Originally in bbbs.english
* Crossposted in fido_sysop
* Crossposted in fidonews
* Crossposted in fn_sysop
* Crossposted in sync_sysops

02 Oct 16 15:31, you wrote to me:

 >>> I've noticed INTENSE swarming of jerks on the telnet and also HTTP
 >>> server here :(

 >> when they connect, do they immediately start emitting text that
 >> consists of a user name, password and then a specific sequence of
 >> commands?? the specific sequence of commands is what i'm interested
 >> in...

 JK> No, but I think I know the kind of connection you are talking about.
 JK> I have seen those in the past. Now the kind of connections I get on
 JK> the telnet port and http port are connect/disconnect... Repeatedly.

here's a series of links regarding what i was specifically talking about... the 
first one contains a thank you to someone you know and was involved in early 
detection ;)

http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html
http://tinyurl.com/j5mqwkf

https://www.helpnetsecurity.com/2016/09/07/mirai-linux-trojan-iot-ddos-botnets/
http://tinyurl.com/zggknfv

http://motherboard.vice.com/read/15-million-connected-cameras-ddos-botnet-brian-krebs
http://tinyurl.com/zsrmgue

http://motherboard.vice.com/read/hacker-releases-code-that-powered-record-breaking-botnet-attack
http://tinyurl.com/hl4jclt


)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it 
wrong...
.... Marriage is an expensive way to get your laundry done free.
---
 * Origin:  (1:3634/12.73)

.